Elliptic Curve Extensibility

All,

According to the status on Bug 25618, I am working on proposed revisions to
specify extensibility for import / export more explicitly in terms of the
enum / string / OID values specified in the main spec, extension specs or
unrecognized (as per Richard's generic proposal).

So, it would not be possible for extension specifications to completely
override the import / export procedures as per my original proposal.

In the case of elliptic curves, this has some consequences. I would like to
know if the group is ok with these:

(1) For SPKI and PKCS8 import / export the curve must be identified
entirely and only by the namedCurve choice of the parameters field of the
algorithm field of the SPKI
(2) for SPKI import, the EC public key can be identified by the "conversion
steps defined in Section 2.2 of RFC 5480"
(3) for PKCS8 import, the EC private key can be identified by
the "conversion steps defined in Section 3 of RFC 5915"
(4) for JWK import, the EC public key can be identified by "interpreting
jwk according to Section 6.2.2 of JSON Web Algorithms"
(5) for JWK import, the EC private key can be identified by "interpreting
jwk according to Section 6.2.1 of JSON Web Algorithms"
(6) for SPKI export, the EC public key has a defined representation as an
octet string
(7) for PKCS8 export, the key has a defined representation as "an instance
of the ECPrivateKey structure defined in Section 3 of RFC 5915"
(8) for JWK export, the EC public key has a representation as "x" and "y"
values according to Sections 6.2.1.2 and 6.1.2.3 of JWA, respectively, and
the EC private key has a representation as a "d" value according to 6.2.2.1
of JWA

If any of these things are not true for some potential future named curve
then the curve could only be added to the existing ECDSA and ECDH
algorithms if the key format concerned is not supported. Otherwise, the
curve would have to be added as a new algorithm instead.

Alternatively, we can punt much more of the definition of EC import /
export for "extension" values of namedCurve to the extension
specifications, but this involves a much bigger text change.

Please let me know your opinions.

...Mark
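
Items (1), (2) and (8) above in running code, as an added example for Node.js (not code from the original message, the WebCrypto spec or any browser): a small DER reader that identifies the curve of an EC SubjectPublicKeyInfo solely from the namedCurve OID in AlgorithmIdentifier.parameters, rejects unrecognized curves and non-namedCurve ECParameters, checks the RFC 5480 Section 2.2 point encoding, and derives the JWK "crv"/"x"/"y" view. The curve table is from RFC 5480; the two sample SPKIs are constructed with dummy coordinates (not real keys), and the secp256k1 OID is used only as an example of a curve the table does not recognize.

```javascript
// Added example, not part of the original message. Input is a Node.js Buffer.
// Curve OIDs from RFC 5480 s2.1.1.1; any other OID is an "unrecognized" namedCurve.
const NAMED_CURVES = { "1.2.840.10045.3.1.7": { name: "P-256", coordLen: 32 },
                       "1.3.132.0.34": { name: "P-384", coordLen: 48 },
                       "1.3.132.0.35": { name: "P-521", coordLen: 66 } };
const ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1";
// Minimal DER TLV reader (short- and long-form lengths); no ASN.1 library needed.
function readTlv(buf, off) {
  const tag = buf[off];
  let len = buf[off + 1], pos = off + 2;
  if (len & 0x80) {                                   // long-form length
    const n = len & 0x7f; len = 0;
    for (let i = 0; i < n; i++) len = (len << 8) | buf[pos++];
  }
  return { tag, value: buf.subarray(pos, pos + len), next: pos + len };
}
// Decode the body of a DER OBJECT IDENTIFIER into dotted form.
function decodeOid(bytes) {
  const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40];
  let acc = 0;
  for (let i = 1; i < bytes.length; i++) {
    acc = acc * 128 + (bytes[i] & 0x7f);
    if (!(bytes[i] & 0x80)) { arcs.push(acc); acc = 0; }
  }
  return arcs.join(".");
}
// Item (1): the curve comes only from AlgorithmIdentifier.parameters.namedCurve.
// Item (2): subjectPublicKey must be an uncompressed point per RFC 5480 s2.2.
function parseEcSpki(der) {
  const spki = readTlv(der, 0);
  const algId = readTlv(spki.value, 0);
  const algOid = readTlv(algId.value, 0);
  if (spki.tag !== 0x30 || algId.tag !== 0x30 || decodeOid(algOid.value) !== ID_EC_PUBLIC_KEY)
    throw new Error("not an id-ecPublicKey SubjectPublicKeyInfo");
  const params = readTlv(algId.value, algOid.next);
  if (params.tag !== 0x06) throw new Error("namedCurve OID required; other ECParameters choices rejected");
  const curveOid = decodeOid(params.value), curve = NAMED_CURVES[curveOid];
  if (!curve) throw new Error("unrecognized namedCurve: " + curveOid);
  const point = readTlv(spki.value, algId.next).value.subarray(1); // drop unused-bits octet
  if (point[0] !== 0x04 || point.length !== 1 + 2 * curve.coordLen)
    throw new Error("subjectPublicKey is not an uncompressed " + curve.name + " point");
  const x = point.subarray(1, 1 + curve.coordLen), y = point.subarray(1 + curve.coordLen);
  // Item (8): the JWK form carries the same curve name plus base64url x and y.
  const jwk = { kty: "EC", crv: curve.name, x: x.toString("base64url"), y: y.toString("base64url") };
  return { curve: curve.name, x, y, jwk };
}
// Constructed samples: genuine SPKI/AlgorithmIdentifier headers with dummy coordinates (not real keys).
const SAMPLE_P256_SPKI = Buffer.from("3059301306072a8648ce3d020106082a8648ce3d03010703420004" + "11".repeat(32) + "22".repeat(32), "hex");
const SAMPLE_SECP256K1_SPKI = Buffer.from("3056301006072a8648ce3d020106052b8104000a03420004" // namedCurve 1.3.132.0.10
  + "11".repeat(32) + "22".repeat(32), "hex");
```

With the rule in item (1), the second sample can only be imported once a specification adds its OID to the curve table; the parser never falls back to explicit curve parameters.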

Received on Wednesday, 15 October 2014 22:52:29 UTC